bulk postage fine (was Re: non-censorous spam control)

[Adam Back]

Bubba Pettigrew <bpettigrew at usa.net> writes:
> 
> aba at dcs.ex.ac.uk wrote:
> > OK, lets say we make emails free, unmetered, but they _must_ include 
> > a valid token for 0c.  (OK Dimitri?)
> >
> > Next we choose a threshold say 1000 posts per day.  Seems hard to
> > imagine anyone generating manually over 1000 emails per day.  That's
> > more than 1 per minute for a 10 hour day.
> >
> > Next when you sign up for this new email postage system, you have to
> > hand over a $100 deposit.  The 0c payments are anonymous.  But if 
> > you spend over 1000 of them in one day, your identity becomes known 
> > (via a mechanism like that used for Chaum's off-line double spending
> > detection protocol).  You loose $100.  To you, the spammer, the 
> > posts cost 10c each.  Your account is disabled until you pay another
> > $100.
> 
> How would this work.  The ISP is enforcing these rules?  But the email
> is not anonymous to the ISP.  Or is the email going through a 
> remailer.

The email could be delivered a number of ways, remailer, users ISP,
some other ISP's open access sendmail hub (a lot of systems you can
connect to on the SMTP port and use them as a forwarder.  Some people
use this to do crude forgeries.  Spammers like this kind of trick).

It is the recipient who is enforcing the rules indirectly because, the
recipient cashes the 0c tokens on receipt.  That way the bank gets
back all the spent tokens.

There is a neat protocol that Chaum uses in his off-line ecash
protocol which allows you to have ecash which is anonymous so long as
you don't spend it twice.  If you spend twice the bank finds out your
identity, and then penalizes you.

This protocol could be extended to have ecash which revealed your
identity if you spent more than 1000 of a given minting.  The bank
would issue a fresh mint of ecoins each day.

> Why not just have an ISP say you can't send more than 1000 emails a
> day.  

Because you can bypass your ISP once you've got PPP or SLIP running.
You can telnet to port 25 (smtp port) on any of millions of open SMTP
ports.  You could send via a remailer.

> But then what stops other ISPs from using different rules to get the
> business of spammers.

Nothing.

It is up to the recipient if he wants to join up with this anti-spam
system.  If he does all email that arrives in his email box without a
0c postage token gets bounced back to the recipient.  (You can have
some fall back so that people without signing up can still get through
to you, don't just do a blind bounce, but bounce with a nonce (random
number), so that they have to reply with that random number in the
mail, and then you'll get it.)

I'm not sure the whole thing is that practical though because of the
sheer number of TCP/IP connections required to do an online banking
protocol for each and every mail.  The bank server would melt down.

So perhaps you could have lots of banks.  The other thing that is
wrong with it is that you have to trust the banks.

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`